System for encrypting and decrypting data using derivative equations and factors

ABSTRACT

A data cryptographer encrypts and decrypts character data of any given length using derivative equations and factors. The use of factors and derivative equations introduces the randomness required for effective encryption without the use of complex mathematics. A set of equations determined by the user is used in a manner similar to a key but with random results. Only a portion of the key is exposed to decrypt the encrypted information. The data cryptographer may be configured using either simple or complex equations and may be implemented in an unlimited number of variations. The data cryptographer is portable, and can be implemented in any programming language that supports cyclical character manipulation. The data cryptographer also supports input from a variety of sources, allowing control from the administrator side, string value side, or any other input that may be extracted from the desired programming language.

CROSS-REFERENCE TO RELATED APPLICATIONS

Under 35 USC § 120, this application is a continuation application andclaims the benefit of priority to U.S. patent application No.10/672,811, filed Sep. 26, 2003, entitled “Method for Encrypting andDecrypting Data Using Derivative Equations and Factors”, all of which isincorporated herein by reference.

FIELD OF THE INVENTION

The present invention generally relates to cryptography, and moreparticularly to an encryption and decryption system that utilizescustomizable equations and random values to securely encrypt and decryptinformation.

BACKGROUND OF THE INVENTION

Businesses, organizations, and individuals are becoming increasinglydependent on computers and data transmission. Consequently, largeamounts of communicated data need to be secure from unauthorized access.A primary method of securing transmission of information utilizescryptography, where a message or string of characters is transformedinto a form understood only by the intended recipient.

A typical conventional approach to encrypting data utilizes acryptographic algorithm and a set of cryptographic keys. The decryptingalgorithm is typically the same as the encrypting program performed inreverse order. Public-key encryption makes one key public and anotherkey private. Both the sender and the recipient should have the keys toencrypt and decrypt the information. Security of the encrypted datausing cryptographic keys depends on keeping the keys secret andprotecting the keys from being determined by third-party cryptanalysis.Methods for preventing cryptanalysis comprise iterated cryptosystems andthe “one time pad” cryptosystem. An example of an iterated cryptosystemis the Data Encryption Standard (DES) developed by IBM. An example of asecure public-key cryptosystem is the Rivest, Shamir, Adleman (RSA)system.

The “one time pad” system utilizes a randomly selected key. This key isused only once and is equal or greater in length than the data to beencrypted. Because the key is random and used only once, the probabilityof decrypting the encrypted data without the knowledge of the key isvery low. However, the recipient of the encrypted data requires the keyto decrypt the data and the recipient requires a new key for eachmessage. Consequently, a “one time pad” system is more appropriate fortransmitting top-secret messages such as government messages than forlarge quantities of data.

Fortunately, effective data security does not require an unbreakablecode. Rather, encrypted information should be encrypted at a level suchthat the work involved to decipher the encryption is greater than thereward for success.

Pseudo-random sequences are used to encrypt information provided thesequence is sufficiently random and secure. An adversary should not beable to predict a sequence based on past values or be able to deduceinitial values. The goal of pseudo-random sequences is for the sequenceto appear noise-like and non-repeating (aperiodic).

Algorithms utilizing equations from chaos theory have been used tocreate these pseudo-random sequences. The purpose of using equationsfrom chaos theory is to encrypt information in such a way that isaperiodic to prevent an adversary from decrypting information containedin the sequence. However, the equations and algorithms used to createthese pseudo-random sequences are complex.

Implementations of conventional approaches to encryption either involvestoring a key that is liable to discovery by an adversary or attacker,or utilizing complex chaos theory equations.

What is therefore needed is a system, a computer program product, and anassociated method for an encryption process that can be customized bythe user, making the encryption process unique to the user, thusproviding security from adversaries. This process should be easy toimplement and require minimal processing by the computer. The keys fordecrypting the encrypted information should not be stored in a databaseor transmitted in such a manner that adversaries may be able to decryptthe information. The need for such a system and method has heretoforeremained unsatisfied.

SUMMARY OF THE INVENTION

The present invention satisfies this need, and presents a system, acomputer program product, and an associated method (collectivelyreferred to herein as “the system” or “the present system”) forencrypting character data (strings) of any given length using derivativeequations and factors. The use of factors and derivative equationsintroduces the randomness required for effective encryption without theuse of complex mathematics such as chaos theory.

The present system uses for encryption a set of equations determined bythe user in a manner similar to a key. Unlike conventional encryptiontechnology using keys, the results can be random. In addition, only aportion of the key is exposed to decrypt the encrypted information.Unlike convention encryption technology using complex equations toproduce randomized results, the present system uses a simple approachthat may be customized by the user in an infinite variety of ways. Theuser may configure the present system using either simple or complexequations.

The present system is a simple process involving a minimum of steps toimplement. Unlike an application utilizing chaos theory equations,extensive mathematical skills are not required to implement the presentsystem. The present system may be implemented in an unlimited number ofvariations; no two implementations may be the same.

The present system is portable, and can be implemented in anyprogramming language that supports cyclical character manipulation;i.e., C, C++, Java, etc. The present system also supports input from avariety of sources, allowing control from the administrator side, stringvalue side, or any other input that may be extracted from the desiredprogramming language.

BRIEF DESCRIPTION OF THE DRAWINGS

The various features of the present invention and the manner ofattaining them will be described in greater detail with reference to thefollowing description, claims, and drawings, wherein reference numeralsare reused, where appropriate, to indicate a correspondence between thereferenced items, and wherein:

FIG. 1 is a schematic illustration of an exemplary operating environmentin which a cryptographic system of the present invention can be used;

FIG. 2 is a block diagram of the high-level architecture of thecryptographic system of FIG. 1;

FIG. 3 is a process flow chart illustrating a method of defining thefactors, derivatives, and equations used by the cryptographic system ofFIGS. 1 and 2;

FIG. 4 is a process flow chart illustrating a method of operation of thecryptographic system of FIGS. 1 and 2 when used to encrypt a password;and

FIG. 5 is comprised of FIGS. 5A and 5B and represents a process flowchart illustrating a method of operation of the cryptographic system ofFIGS. 1 and 2 when used to decrypt an encrypted password to authenticatea password entered by a user.

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS

The following definitions and explanations provide backgroundinformation pertaining to the technical field of the present invention,and are intended to facilitate the understanding of the presentinvention without limiting its scope:

Original String: Refers to a set of characters that representinformation requiring encryption.

Encrypted String: Refers to a set of characters that representinformation that has been encrypted such that the original string cannoteasily be determined.

FIG. 1 portrays an exemplary overall environment in which a system andassociated method for encrypting and decrypting data using derivativeequations and factors according to the present invention may be used.System 10 comprises a software programming code or a computer programproduct that is typically embedded within, or installed on a host server15. Alternatively, system 10 can be saved on a suitable storage mediumsuch as a diskette, a CD, a hard drive, or like devices.

Information in host server 15 that should be kept secure is encrypted bysystem 10 and stored in a database 20. Examples of such informationmight be passwords, credit card numbers, etc.

Users, such as remote Internet users, are represented by a variety ofcomputers such as computers 25, 30, 35, and can access the host server15 through a network 40. Computers 25, 30, 35 each comprise softwarethat allows the user to interface securely with the host server 15. Thehost server 15 is connected to network 40 via a communications link 45such as a telephone, cable, or satellite link. Computers 25, 30, 35 canbe connected to network 40 via communications links 50, 55, 60,respectively. While system 10 is described in terms of network 40,computers 25, 30, 35 may also access system 10 locally rather thanremotely. Computers 25, 30, 35 may access system 10 either manually, orautomatically through the use of an application.

The present system maps each character in an original string, S₀, to anencrypted character in an encrypted string, E₀, using a set ofequations. The original string, S₀, is comprised of N characters, C:

S ₀ =C ₀ , C ₁ , C ₂ , C ₃ , . . . , C _(N)

An implementer may use as many encryption equations as desired to obtainthe level of randomness and complexity required in the encryptionprocess. The implementer chooses a set of factors to be used in theequations.

The factors comprise the following types: factors provided by theadministrator, random values, or objects or values related to theoriginal string, etc. These factors may be, for example, a numberselected by the administrator, the current hour of the day, minute ofthe hour, or second of the minute, some other random number easilyavailable from the operating system of host server 15, or the length ofthe original string to be encrypted. In addition, the factors may berandom numbers created by a function such as a random generator or anequation such as the chaos equation.

In an exemplary embodiment, to create the encryption module, theimplementer creates an encryption equation that is a function of theoriginal string, S₀, and the factors:

E ₀ =f(S ₀ , F ₁ , F ₂ , . . . , F _(N)

where F₁, F₂, . . . , F_(N) are the factors. The implementer thencreates a set of derivative equations that are functions of the factors:

D ₁ =f(F ₁ , F ₂ , . . . , F _(N))

D ₂ =f(F ₁ , F ₂ , . . . , F _(N))

D _(N) =f(D ₁ , D ₂ , . . . , D _(N)).

To create the decryption module, the implementer uses the derivativevalues and factor decryption equations to solve for the factors F₁, F₂,. . . , FN:

F ₁ =f(D ₁ , D ₂ , . . . , D _(N))

F ₂ =f(D ₁ , D ₂ , . . . , D _(N))

F _(N) =f(D ₁ , D ₂ , . . . , D _(N))

The implementer then uses the encryption equation and the factors tosolve for the original string:

S _(D) =f(E₀ , F ₁ , F ₂ , . . . , F _(N))

The values stored in database 20 are the encrypted string E₀ and thederivatives. The encryption equation and derivative equations arewritten as programming code within the encryption module. The decryptionequation and factor decryption equations are written as programming codewithin the decryption module.

The encrypted string is created by encrypting each character of theoriginal string individually and concatenating the encrypted charactersto the encrypted string in order. Provided to the decryption module arethe encrypted string and the derivatives. Unless an adversary orattacker is able to access the encryption code, the adversary is unableto determine the relation between the characters in the string and thederivatives. In another feature of system 10, additional derivatives maybe provided that are not actually used to determine the factors; thepresence of these false derivatives provide an additional level ofsecurity in the encryption method of system 10.

The high-level architecture of system 10 is illustrated by the diagramof FIG. 2. An input 205 to an encryption module 210 comprises anoriginal string 215 (S₀) and factors 220 (F₁, F₂, . . . , F_(N)). Anoutput 225 from the encryption module 210 comprises derivatives 230 (D₁,D₂, . . . , D_(N)) and an encrypted string 235 (E₀). A decryption module240 decrypts output 225 to produce a decrypted string 245 (S_(D)). Thedecrypted string 245 is equal to the original string 215.

A method 300 illustrating the process of developing the encryptionmodule 210 and the decryption module 240 is illustrated by the processflow chart of FIG. 3. At block 305, an implementer such as a systemadministrator selects or defines factors 220. For example, theimplementer may choose a number, 7, the minute of the hour, and thelength of the string:

F₁=7

F₂=minute of the hour

F₃=length of the string.

Administrative keys form a subcategory of factors. The only requirementis that factors exist. Therefore, a set of factors using all randomfactors (i.e., another subcategory) is acceptable so long as thederivatives can be uniquely related to the factors.

The implementer then creates an encryption equation at block 310 thatdescribes the encryption equation as a function of a character in theoriginal string 215 and factors 220 (i.e., F₁, F₂, F₃). For example, theimplementer may create the following equation that maps a character inthe original string 215, S₀ (C), to a character in the encrypted string235, E₀(C):

E ₀(C)=S₀(C)+F ₁ +F ₂ *F ₃/2. (1)

The encryption equation may be as complex as the implementer requires,as long as the implementer can create derivative equations that can besolved by the decryption module 240 to determine factors 220.

The implementer creates a set of derivative equations at block 315. Thenumber of derivative equations required is greater or equal to thenumber of factors 220 selected by the implementer. For example, theimplementer may define derivatives 230 as follows:

D1=F1+F2−F3 (2)

D2=F1−2F2+3F3 (3)

D3=F3−F1+2 (4)

The encryption module 210 is comprised of the encryption equation,factors 220, and the derivative equations. The derivative equations maybe as complex as desired provided that an equation for factors 220 maybe written in terms of derivatives 230. Additional derivative equationsmay be created to act as decoys within the encryption and decryptionprocess. Because derivatives 230 are defined in terms of factors 220,factors 220 may change from encryption to encryption, allowing the useof random values based on time values such as the value the minute ofthe hour when the encryption is performed, for example.

The decryption module 240 comprises a set of factor decryption equationsand a decryption equation. The decryption equation uses factors 220derived from the factor decryption equations and the encrypted string235 to obtain the decrypted string 245, S_(D), that is equivalent to theoriginal string 215, S₀. The implementer solves the decryption equationsfor factors 220 at block 320, obtaining the factor decryption equationsthat map derivatives 230 to factors 220. For example, by using standardalgebraic manipulation the implementer may solve the exemplary factors220 in terms of derivatives 230 (i.e., D₁, D₂, and D₃):

F ₁=0.5D ₁+0.25D ₂−0.25D ₃+0.5 (5)

F ₂ =D ₁ +D ₃−2 (6)

F ₃=0.5D ₁+0.25D ₂+0.75 D ₃−1.5 (7)

The implementer then solves the encryption equation E₀ to obtain thedecryption equation (block 325). For example, equation (1) solved forthe original string 215, S₀, yields:

S _(D)(C)=S ₀(C)=E ₀(C)−F ₁ −F ₂ *F ₃/2 (8)

At block 330, the implementer converts the encryption equation andderivative equations into programming code for the encryption module210; the factor decryption equations and the decryption equations areconverted into programming code for the decryption module 240. Forexample, equations (1), (2), (3), and (4) are converted into programmingcode for the encryption module 210 and equations (5), (6), (7), and (8)are converted into programming code for the decryption module 240.

A method 400 of the encryption module 210 of system 10 is illustrated bya process flow chart of FIG. 4, using an example of a user registeringfor a service such as a paid subscription to a database. The userregisters for access to the database at block 405 by entering a username and a password. System 10 calls the encryption module 210 toencrypt the password at block 410. The encryption module 210 generatesfactors 220 as required by the encryption module 210 and calculatesderivatives 230 (block 415). Some of factors 220 used by the encryptionmodule 210 may be constant values provided by the administrator when theencryption module 210 is created. Other factors 220 may be random valuesgenerated by the encryption module 210 at the time the password isencrypted.

The encryption module 210 selects a character such as, for example, thefirst character in the password at block 420 and encrypts that characterusing the encryption equation at block 425. The encrypted character isappended to the encrypted string 235 at block 430. System 10 determinesat decision block 435 whether additional characters remain to beencrypted in the password. If additional characters remain to beencrypted, system 10 proceeds to block 440 and selects the nextcharacter in the password. Blocks 425 through 440 of method 400 arerepeated until no more characters remain for encryption (decision block435).

System 10 then stores the encrypted string 235 and derivatives 230generated at block 415 with the user name in a database record ofdatabase. While the encrypted password is stored with derivatives 230 indatabase 20, no information is stored that can be used to determine howto decrypt the password. The equations used to decrypt the password areprogramming code in the encryption module 210. To decrypt the password,an adversary would have to identify the appropriate equations in theencryption module 210 and then use derivatives 230 appropriately todecrypt the password; this is a very difficult task.

A method 500 for decrypting the encrypted string 235 is illustrated bythe process flow chart of FIG. 5 (FIGS. 5A and 5B), using the example ofauthenticating a user login to a subscription database with the storedencrypted password created by method 400. A user logs onto thesubscription database at block 505 with their user name and password.For the username provided by the user (block 510), system 10 retrievesthe encrypted password and derivatives 230 from the database 20.

System 10 then calls the decryption module 240 to decrypt the encryptedpassword at block 520. At block 525, the decryption module 240calculates factors 220 from derivatives 230 using the factor decryptionequations in the decryption module 240.

System 10 selects a character such as, for example, the first characterin the encrypted password for decryption (block 530). The decryptionmodule 240 decrypts the encrypted character at block 535 (FIG. 5B) usingfactors 220 and the decryption equation.

At block 540, system 10 appends the decrypted character to the decryptedstring 245. System 10 determines at decision block 545 whether anyadditional characters remain to be decrypted. If yes, system 10 proceedsto block 550 and selects the next character in the encrypted string 235.System 10 repeats blocks 535 through 550 until no characters in theencrypted string 235 remain to be decrypted.

After all the characters in the encrypted string 235 have beendecrypted, system 10 compares the decrypted string 245 with the passwordprovided by the user at log-on (block 560). If system 10 determines atdecision block 565 that the decrypted string 245 is identical to thepassword provided by the user, system 10 authenticates the user at block570, allowing the user access to the subscription database. If thedecrypted string 245 is not identical to the password provided by theuser, system 10 returns an error to the user and denies the user accessto the subscription database.

It is to be understood that the specific embodiments of the inventionthat have been described are merely illustrative of certain applicationsof the principle of the present invention. Numerous modifications may bemade to system and method for encrypting and decrypting data usingderivative equations and factors invention described herein withoutdeparting from the spirit and scope of the present invention.

In addition, while the present invention has been described in view of asingle dimension of sets of factors and derivative equations, it shouldbe understood that the sets of factors and derivative equations could besubsets of higher level sets of factors and derivative equations,respectively, with indicators that identify the higher level sets offactors and derivative equations that have been selected.

Moreover, while the present invention is described for illustrationpurpose only in relation to the WWW, it should be clear that theinvention is applicable as well to, for example, to any applicationwhere data is encrypted.

1. A system for encrypting and decrypting an original string, the systemcomprising: a processor; and a memory in communication with theprocessor, the memory storing a plurality of instructions that areexecutable by the processor, the plurality of instructions comprisinginstructions to implement, an encryption module configured to: receiveuser input defining a set of factors to be used for encrypting theoriginal string; receive user input defining an encryption equation thatmaps the original string to an encrypted string, the encryption equationbeing a function of the original string and the set of factors; receiveuser input defining a set of derivative equations, the set of derivativeequations being used to generate a derivative value from the set offactors; and provide one or more false derivatives that cannot be usedto determine a given factor from the set of factors; a databaseconfigured to store the encrypted string, the generated derivativevalues, and the one or more false derivative values; and a decryptionmodule configured to: use a set of factor decryption equations to mapeach of the generated derivative values stored in the database to acorresponding factor in the set of factors; and decrypt the encryptedstring stored in the database using a decryption equation and eachfactor mapped through the set of factor decryption equations to generatea decrypted string that is equal to the original string, wherein apresence of the one or more false derivative values with the generatedderivative values in the database prevents an attacker from knowingwhich of the one or more false derivative values and the generatedderivative values to use with the factor decryption equation to derivethe factors in the set of factors.
 2. The system of claim 1, wherein theset of factors comprises at least one of: constant values, numbers,objects, and random values that are derived from events.
 3. The systemof claim 1, wherein the set of factors comprises at least one of:constant values, numbers, objects, and random values that are derivedfrom values provided by equations.
 4. A computer program stored in acomputer readable medium to execute a method of encrypting anddecrypting an original string that is storable in a database, the methodcomprising: defining a set of factors to be used for encrypting theoriginal string; using an encryption equation to map the original stringto an encrypted string, the encryption equation being a function of theoriginal string and the set of factors; using a set of derivativeequations to generate derivative values from the set of factors; storingthe encrypted string and the generated derivative values in thedatabase; providing one or more false derivatives that cannot be used todetermine a given factor from the set of factors; additionally storingthe one or more false derivative values in the database with thegenerated derivative values; using a set of factor decryption equationsto map each of the generated derivative values stored in the database toa corresponding factor in the set of factors; and decrypting theencrypted string stored in the database using a decryption equation andeach factor mapped through the set of factor decryption equations togenerate a decrypted string that is equal to the original string,wherein a presence of the one or more false derivatives values with thegenerated derivative values in the database prevents an attacker fromknowing which of the one or more false derivative values and thegenerated derivative values to use with the factor decryption equationto derive the factors in the set of factors.
 5. The computer program ofclaim 4, wherein the set of factors comprises at least one of: constantvalues, numbers, objects, and random values that are derived fromevents.
 6. The computer program of claim 4, wherein the set of factorscomprises at least one of: constant values, numbers, objects, and randomvalues that are derived from values provided by equations.